Conficker hitting hardest in Asia, Latin America
Computer networks in Asia and Latin America are the most susceptible to a fast-spreading computer worm, which has infected between 6 million and 9 million PCs worldwide, security experts said.
According to Symantec, China and Argentina are the countries that have been hit hardest by the worm, which started spreading about two months ago but is thought to have infected millions over the past few weeks. China accounts for close to 29 percent of the infections tracked by Symantec, and Argentina was second with just over 11 percent, according to Alfred Huger, vice president of Symantec Security Response. "We're not seeing anywhere near the number of infections in western Europe and North America."
The worm, known by several names including Conficker and Downandup, has been spreading by taking advantage of a flaw in a Windows Server service that Microsoft patched last October. Conficker can also spread by guessing administrative passwords on a network and infecting USB devices that connect to computers.
Infection rates in the U.S. are closer to the 1 percent level, Huger said.
Phil Porras, program director at SRI International, said the worm has hit China, Brazil, Russia and Argentina the hardest. Interestingly, an earlier variant of Conficker would not attack victims who were using Ukrainian keyboards, but the latest version of the worm does.
Huger said the worm's designer has written special code that operates a certain way on Chinese and Brazilian networks, meaning those two countries may have been targeted by the attackers.
Nobody knows for sure why Asia and Latin America were so hard hit, but Huger and Porras both said countries with large amounts of pirated software were more likely to be affected. "I think that piracy plays a role, though I don't know if it's the key contributor," Huger said.
Both researchers were waiting to see what hackers would do now that they have infected such a large number of computers. Earlier versions of Conficker tried to install a program called Antivirus XP, a notorious rogue antivirus program that infects victims' computers with pop-up messages in an attempt to trick them into paying for bogus software.
Researchers said the machines could be converted into what would be the world's largest botnet computer network or sold off piecemeal to criminals.
Infected computers are now regularly visiting about 500 rendezvous points on the Internet looking for instructions. When those instructions finally appear, computer experts will know more about what the worm was designed to do.
"It's a fantastic spread relative to other threats, and yet the author seems to have become suddenly self-conscious about updating," Huger said. "Maybe he's concerned about all the press it's getting and doesn't want to go to jail."
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
Conflicker
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
